(57) Abstract

In General Packet Radio Service GPRS, the data are coded into frames (F) with a given length and comprising a header (1) and a data portion (2). An intruder can interfere with GPRS communication by transmitting unauthorized copies of transmitted messages, or sending false messages and interfere with communication integrity. The reliability of GPRS communication is improved by modifying the frame (F) used on a GPRS connection so that possible extra copies of the frames can be revealed. This can be achieved e.g. by adding an extra information field (3) to the data portion (2) of a GPRS frame (F), the contents of the field being modified [...] information field (3) can include the identity of the frame (F), the TLLI of the connection, [...] algorithm generating pseudo-random numbers. A second extra [...] the frame (F), the field being preferably formed by a different algorithm than [...]

Improving security of packet-mode transmission in a mobile communication system

The invention relates to improving the security of packet-mode data transmission in a mobile communication system.
Figure 1 shows the parts of a cellular mobile communication system essential to the invention. Mobile Stations MS communicate with Base Transceiver Stations BTS over the air interface Um. The base stations are controlled by Base Station Controllers BSC associated with Mobile Switching Centres MSC. A subsystem administered by a base station controller BSC - including the base stations BTS controlled by it - is commonly called a Base Station Subsystem BSS. The interface between a centre MSC and a base station subsystem BSS is called the A-interface. The section of the A-interface on the side of the mobile services switching centre MSC is called a Network Subsystem NSS. Correspondingly, the interface between a base station controller BSC and a base station BTS is called the Abis-interface. A mobile services switching centre MSC switches incoming and outgoing calls. It performs similar tasks as the centre of a public telephone network PSTN. Additionally, it performs tasks characteristic of mobile telecommunication only, such as subscriber location administration, in co-operation with network subscriber registers (not separately shown in Figure 1).

A typical radio connection used in digital mobile communication systems is circuit switched, i.e. the radio resources reserved for a subscriber are kept reserved for that connection during the whole call. General Packet Radio Service GPRS is a new service designed for digital mobile communication systems, such as the GSM system. The packet radio service has been described in the ETSI recommendation TC-TR-GSM 01.60. A packet-mode radio connection with effective utilization of radio resources can be offered to a user of a mobile station MS by means of the packet radio service. In a packet switched connection resources are reserved only when there is speech or data to be transmitted. The speech or data is assembled into packets with a given length. Such a packet having been transmitted over the air interface Um, and the transmitting party having no immediately succeeding packets to be transmitted, the radio resource can be released to the use of other subscribers.

In order to illustrate the description, but not to limit the invention, it is assumed that the system comprises a separate GPRS service control node, or a GPRS Support Node GSN, which controls the operation of the packet data service on the network side. This control comprises e.g. mobile station Logon and Logoff, mobile station location updates, and routing of data packets to the right destination. As regards the present application, the term "data", widely interpreted, refers to any information exchanged in a digital mobile communication system, such as speech coded in digital form, data transmission between computers, or telefax data. A GSN node can be situated in connection with a base station BTS, a base station controller BSC or a mobile services switching centre MSC, or apart from these. The interface between a GSN node and a base station controller BSC is called the Gb-interface.
Referring to Figures 1 and 2, information, such as control signalling and user data, is exchanged between a mobile station and a GSN node by means of GPRS frames. Each frame F comprises at least a header 1 and a data portion 2. In order for the system to know which mobile station has transmitted the frame, the header 1 comprises an identifier for the mobile station, e.g. a Temporary Logical Link Identity TLLI. At the beginning of a connection, the GSN node assigns to a mobile station a TLLI to be used during a GPRS connection. After the GPRS connection, the same TLLI can be reassigned to another mobile station.

In addition to a TLLI, a Network Layer Service access point Identity NLSI can also be used in the header 1 to indicate the application protocol used by the mobile station.

The data portion 2 comprises confidential information, e.g. user data or control messages. This kind of information has to be protected in order to prevent data transfer to third parties in a comprehensible form. The data portion 2 can be coded, i.e. encrypted by an encryption key, known only to the transmitter and the receiver of the message. Since mobile stations use divided resources instead of connection-specific radio resources, the header 1 cannot be similarly protected. If the headers were protected by encryption, each receiver would have to open the headers of all messages transmitted over the air interface Um. Only then could a mobile station MS know to which mobile station the message was intended, or a GSN node could know which mobile station MS transmitted the message. The GSN node does not necessarily know which encryption key to use.

As the header of a frame cannot be protected, the above prior art packet-mode data transmission involves certain security problems. Hence a third party, such as an intruder or an eavesdropper, can interfere with GPRS communication over the air interface Um. In the present application such a person or device is referred to as an intruder. This term covers all kinds of unauthorized interference with communication over the air interface irrespective of whether the purpose of the interference is eavesdropping, disturbing communications, or any other unexceptional operation, e.g. an attempt to garble charging data. Even if the intruder is unable to unravel the contents of the message, (s)he may cause disturbance by using a TLLI intercepted from the air interface. The intruder may e.g. interfere with GPRS communication by transmitting unauthorized copies of messages transmitted via a GPRS connection, or send false messages and interfere with communication integrity. A typical control message is quite short and even if the intruder does not know the encryption key, (s)he may try to find it out by a large-scale attack.

It is an object of the invention to provide a method for preventing the above possibility to interfere with GPRS communication and for improving communication reliability. The objects of the invention are achieved with a method which is characterized by what is disclosed in the characterizing part of claim 1. The preferred embodiments of the invention are disclosed in the dependent claims.

The invention is based on improving the reliability of GPRS communication by modifying a frame used on a GPRS connection so that frames sent by an intruder can be identified. This can be achieved e.g. by adding an extra information field to the data portion of a GPRS frame, the contents of the field being known only to the transmitter and the receiver of the message. In the present application the term "an extra information field" refers to a field added to the data portion of a frame not in order to transmit data but to improve communication reliability. The simplest way to implement this is to have the mobile communication system and a mobile station negotiate an encryption algorithm and/or the parameters used by such an algorithm when the mobile station registers for use of a data transmission service. Negotiation can take place even at the beginning of a data connection and possibly even during a new connection. This kind of protection prevents an intruder from transmitting false messages at least for a while as (s)he does not know which encryption algorithm and/or parameter is being used. If the contents of the extra field do not comply with the protocol negotiated between the transmitter and the receiver, the frame may be rejected.

PCT/FK7/00139

An intruder can, however, send copies of frames (s)he has intercepted and interfere with communication integrity. Such interference can be prevented by modifying the contents of the extra information field between two successive frames sent over the air interface. In a simple and computationally preferable manner the extra information field is formed different in each successive frame, e.g. so that the contents of each extra field comprise the GPRS frame number. The receiver can compare the frame number in the extra field with the frame number normally used on the connection, the number being sent either in the frame header, or alternatively the transmitter and the receiver can generate it themselves by assigning running numbers to the frames. If the frame number in the extra field does not comply with the frame number normally used on the connection, the frame may be rejected.

In accordance with a preferable embodiment of the invention the protection is further improved. Although an intruder does not know the encryption key, (s)he may try to guess its contents and send random messages. At worst a receiver can interpret such a message as a command, e.g. a Logoff message causing connection setdown. By sending numerous random messages an intruder may interfere with communication on a GPRS connection, and hence it is preferable to further improve the protection. This can be done e.g. by adding another extra information field to the data portion of a GPRS frame, the contents of the field being formed by a different algorithm and/or parameters than the contents of the first extra information field.

An advantage of the protection conforming with the invention is that an intruder cannot send unauthorized copies of messages transmitted on a GPRS connection. This is because the intruder does not know the algorithm and/or the parameters used in forming the extra information field. By placing an extra information field in the data portion of a frame, instead of the header, the mechanism for protecting the data portion by encryption, implemented in several systems, can be utilized. The protection of the invention is simple to implement. The data transmission layer and the layer handling encryption are independent of the method of the invention. Modifications may be needed in the message handling operations above or parallel to the encryption layer only. The operation of network elements between the transmitter and the receiver does not have to be modified. For these network elements the extra field of the invention is completely transparent. It has the same appearance as the rest of the contents of the data portion of a GPRS frame.

The invention is described further hereinafter, in connection with preferable embodiments, with reference to the accompanying drawings, in which:

Figure 1 shows the parts of a mobile telephone network essential to the invention;

Figure 2 shows the structure of a conventional GPRS frame used in communication between a mobile station and a GSN node;

Figure 3 shows the structure of a secured GPRS frame of the invention; and

Figure 4 shows the structure of a double-secured GPRS frame of the invention.

Figure 3 shows the structure of a secured GPRS frame F of the invention. Let us assume first that the invention is applied to a system where the data portion of frame F is transmitted encrypted so that the encryption key is modified between two successive frames. Compared with a conventional frame shown in Figure 2, an extra information field 3 is added to the data portion 2 of frame F of the invention, the contents of the field being different in each successive frame. The contents of the extra information field 3 can be simply the number of frame F. The receiver, i.e. a GSN node or a mobile station MS, can compare the frame number in the extra field 3 with the frame number normally used on the connection and sent in the frame header 1. Alternatively the transmitter and the receiver can develop the frame number themselves by assigning running numbers to frames F. If the frame number in the extra field 3 does not comply with the frame number normally used on the connection, the receiver may reject the frame.

It is essential to the protection of the invention that the contents of the extra information field 3 are different in two successive frames sent over the air interface. In this case the contents of the extra information field 3 can also be the same in two successive frames before encryption as the extra information fields 3 in successive frames are made different by encryption. The contents of the extra information field 3 before encryption can be e.g. one of the following either wholly or partially:

- a constant;

- the IMSI or MSISDN identity of a mobile station;

- a connection-specific identity; or

- a pseudo-random number.

The identity of a mobile station can be its IMSI or MSISDN identity. In some systems, a difference may be made between the identity of a terminal and the identity of a mobile subscriber. As regards the invention, it is irrelevant whether the used identity identifies a terminal or a subscriber. As regards the invention, the identity of a mobile station may also be temporary, e.g. an identity negotiated between the transmitter and the receiver.

A connection-specific identity is an identity independent of the identity of a mobile station or a subscriber. It may be the identity TLLI of a temporary logical connection used on the connection. It may also be an identity a mobile station and a GSN node negotiate when the mobile station registers for use of a data transmission service. A mobile station and a GSN node may also negotiate a new temporary identity at the beginning of each connection or during the connection.

A pseudo-random number is a number developed by a suitable pseudo-random algorithm so that only the transmitter and the receiver are aware of the used algorithm and/or the used parameters. Even if the algorithm generating the random number is in general knowledge, it may be thought that several alternative algorithms are in use, and the transmitter and the receiver negotiate the algorithm to be used one at a time. A random number has to be interpreted widely so that the term covers any form of a bit sequence. It is hence not necessary to confine oneself to bit groups corresponding to e.g. BCD coded numbers.

If the invention is applied to a system where the data portion 2 of frame F is not sent encrypted, the contents of the extra information field 3 can be formed by an algorithm generating pseudo-random numbers so that the contents of field 3 are modified as soon as possible between two frames F sent over the air interface Um. For security, it is preferable to use an algorithm that modifies the contents of field 3 between each two frames F.

Figure 4 shows the structure of a GPRS frame conforming with a preferred embodiment of the invention. To further improve security, the data portion 2 of frame F also contains another information field 4. The contents of the other extra information field 4 can be formed by one of the above algorithms, the algorithm being preferably different from the one used to form the first extra information field 3. Alternatively the same algorithm can be used to form the extra information fields 3 and 4, but with different parameters [...] data portion 2 of frame F is not sent encrypted, e.g. frame F [...] algorithm generating pseudo-random numbers can be used to form the information fields 3 and 4.

It is not absolutely necessary for the contents of the extra information fields 3 and/or 4 to be different in all frames used during the connection. The algorithm generating pseudo-random numbers, or at least one of them, may also be cyclic.
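The receiver-side check described above for Figures 3 and 4, as an added example that is not part of the patent text: field 3 carries the frame number, field 4 a pseudo-random value formed from a separately negotiated parameter, and both sit inside the encrypted data portion. The header layout, the 4-byte field sizes, the SHAKE-256 keystream and all names are assumptions chosen for illustration, not the actual GPRS cipher or frame format.

```python
import hashlib
import hmac
import struct

# Assumptions for this example only: 4-byte fields, a clear header of
# TLLI + frame number, and SHAKE-256 standing in for the negotiated
# algorithms. None of this is the real GPRS cipher or frame layout.
FIELD_LEN, HEADER_LEN = 4, 8


def stream(secret, label, frame_no, n):
    """n pseudo-random bytes that change with every frame number."""
    return hashlib.shake_256(secret + label + struct.pack(">I", frame_no)).digest(n)


def xor(data, keystream):
    return bytes(a ^ b for a, b in zip(data, keystream))


def build_frame(tlli, frame_no, payload, enc_key, field_param):
    """Clear header 1 + encrypted data portion 2 (field 3 | field 4 | payload)."""
    field3 = struct.pack(">I", frame_no)  # frame number
    field4 = stream(field_param, b"field4", frame_no, FIELD_LEN)  # pseudo-random
    plain = field3 + field4 + payload
    body = xor(plain, stream(enc_key, b"cipher", frame_no, len(plain)))
    return struct.pack(">II", tlli, frame_no) + body


class Receiver:
    def __init__(self, tlli, enc_key, field_param):
        self.tlli, self.enc_key, self.field_param = tlli, enc_key, field_param
        self.expected = 0  # running frame number kept by the receiver

    def accept(self, frame):
        """Return the payload, or None when the frame is rejected."""
        if len(frame) < HEADER_LEN + 2 * FIELD_LEN:
            return None
        tlli, header_no = struct.unpack(">II", frame[:HEADER_LEN])
        if tlli != self.tlli or header_no != self.expected:
            return None  # verbatim copy of an earlier frame stops here
        body = frame[HEADER_LEN:]
        plain = xor(body, stream(self.enc_key, b"cipher", self.expected, len(body)))
        field3, field4 = plain[:FIELD_LEN], plain[FIELD_LEN:2 * FIELD_LEN]
        want4 = stream(self.field_param, b"field4", self.expected, FIELD_LEN)
        if field3 != struct.pack(">I", self.expected):
            return None  # copied data portion under a rewritten header
        if not hmac.compare_digest(field4, want4):
            return None  # second, separately formed field must also match
        self.expected += 1
        return plain[2 * FIELD_LEN:]


def demo():
    """Constructed traffic: two genuine frames, two copies, one random frame."""
    key, param, tlli = b"constructed-key", b"constructed-param", 0xC0FFEE01
    rx = Receiver(tlli, key, param)
    f0 = build_frame(tlli, 0, b"LOGON", key, param)
    f1 = build_frame(tlli, 1, b"DATA", key, param)
    reheadered = struct.pack(">II", tlli, 2) + f0[HEADER_LEN:]
    random_frame = struct.pack(">II", tlli, 2) + bytes(range(16))
    return [rx.accept(f) for f in (f0, f1, f0, reheadered, random_frame)]
```
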

It is obvious to those skilled in the art that the basic inventive idea can be implemented in a variety of ways. In the description of the invention it has been assumed, for the sake of clarity, that the functions controlling the packet radio operation have been concentrated to a GSN node. These functions can, however, be integrated with other network elements, such as a base station, a base station controller, or a mobile services switching centre. In this case the sections of the network elements concerned controlling packet radio operation have to be understood to replace the GSN node. The other extra information field used in a preferred embodiment of the invention is an illustrative concept, too. One may also think that one extra information field consists of two or more portions generated by two or more different algorithms, respectively. Thus, the invention and its embodiments are not restricted to the above examples, but may vary within the scope of the claims.

CLAIMS

1. A method for data transmission between a transmitter and a receiver (MS, GSN) in a digital mobile communication system comprising at least one mobile station (MS) and at least one air interface (Um), in which method:

- [...] is assembled into frames (F) comprising at least a header (1) and a data portion (2); and

- frames (F) are transmitted only when there is need for data transmission;

characterized in that:

- an extra information field (3) is added to the data portion (2) of a frame (F); and

- the transmitter and the receiver (MS, GSN) negotiate between themselves an algorithm and/or a parameter on the basis of which the contents of the extra information field (3) are formed.

2. A method as claimed in claim 1, characterized in that the algorithm and/or parameter are negotiated when a mobile station (MS) registers for use of a data transmission service.

3. A method as claimed in claim 1, characterized in that the algorithm and/or parameter are negotiated at the beginning of each connection.

4. A method as claimed in claim 3, characterized in that the algorithm and/or parameter are renegotiated during the connection.

5. A method as claimed in claim 1, characterized in that the contents of the extra information field (3) are modified between two successive frames (F) transmitted over the air interface (Um).

6. A method as claimed in any one of claims 1 to 5, characterized in that the data portions (2) of the frames (F) are sent encrypted over the air interface (Um) and the extra information field (3) comprises at least one of the following identities:

- a bit sequence constant;

- the identity of the frame (F) concerned or a portion thereof;

- the IMSI or MSISDN identity of the mobile station;

- a connection-specific identity; or

- a pseudo-random number.

7. A method as claimed in any one of claims 1 to 5, characterized in that the extra information field (3) comprises an identity formed by an algorithm generating pseudo-random numbers, whereby the data portions (2) of the frames (F) can be sent encrypted or unencrypted over the air interface (Um).

8. A method as claimed in any one of claims 1 to 7, characterized in that to improve protection, at least one second extra information field (4) is added to the data portion (2) of a frame (F), the field comprising at least one of the following identities:

- a bit sequence constant;

- the identity of the frame (F) concerned or a portion thereof;

- the IMSI or MSISDN identity of the mobile station;

- a connection-specific identity; or

- a pseudo-random number.

9. A method as claimed in claim 8, characterized in that at least one of the second extra information fields (4) comprises a different identity than the first extra information field (3).